Re: [ldapsearch -H ldaps:// -d 255] is not working
Greg Martin wrote:
> If you run ldapsearch with the -x switch you can use simple auth
> with -D logindn -w loginpassword
>
Thanks Greg for your response, but [-x] actually disables the SSL and I
want to implement it for security reasons.
> \\Greg
>
> JOYDEEP wrote:
>> Dear list,
>>
>> I am using openldap2-2.3.19-18 under suse 10.1 and it is working fine at
>> port 389 ( ldap://).
>> Now to secure it with ssl, I have first generated a certificate with
>> the Ca.sh script that comes with linux.
>>
>> then I have modified my /etc/openldap/slapd.conf as
>> =========================================
>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>> TLSCertificateFile /etc/openldap/myca/servercert.pem
>> TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
>> TLSCACertificateFile /etc/openldap/myca/cacert.pem
>> TLSVerifyClient never
>> =========================================
>>
>> I also modified /etc/openldap/ldap.conf as
>> =================================
>> HOST 127.0.0.1:636
>> BASE ou=Users,dc=kolkatainfoservices,dc=in
>> TLS_CACERT /etc/openldap/myca/cacert.pem
>> =================================
>>
>> now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
>> ======================
>> ldap_msgfree
>> sasl_client_step: 2
>> Please enter your password:
>> ======================
>> after giving the manager password which is seceret it reports
>> ==========================
>> ldap_msgfree
>> ldap_perror
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): user not found: no secret in database
>> ============================================
>>
>> Could anyone suggest what I am missing here?
>> Thanks.